It’s very early in the year, yet everyone has already had a complete meltdown (pun intended) over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems in patching persisted.
As if this wasn’t challenging enough, some online criminals jumped on the bandwagon to take advantage of the hullabaloo to push out the Smoke Loader malware to inconspicuous user systems.
Lastly, in the realm of cryptocurrency, we saw an increase in malware payloads from the RIG exploit kit.
- The espionage group named Turla came back, but not with a bang [PDF]. (Source: ESET’s We Live Security Blog)
- Aadhar, the world’s largest biometric database located in India, houses the data of 1.2 billion citizens. Unfortunately, it was one of the easiest systems to breach. (Source: Sophos’s Naked Security Blog)
- Several apps in Google Play that left children exposed to adult entertainment ads were booted off the store. Good. (Source: Kaspersky’s Threatpost)
- Kotlin-coded Android malware was found on Google Play stealing data. Not good. (Source: Hack Read)
- In spite of its end-to-end encryption, a flaw found in WhatsApp allows snoopers to infiltrate supposedly secure group chats. Researchers who found the flaw advised the vendor to introduce an authentication feature for new group invites. (Source: Wired)
- Connecting to public Wi-Fi? Beware of CoffeeMiner. (Source: ZDNet)
- Once again, hackers took center stage for an upcoming global sports event by targeting organizations involved in the Winter Olympics. (Source: Financial Times)
- VTech, a well-known company that makes kids toys, agreed to settle a privacy lawsuit to the tune of $650,000. (Source: InfoSecurity Magazine)
- Savvy cybercrime syndicate source Linux systems with susceptible SSH ports to scour for Monero. (Source: Bleeping Computer)
Stay safe, everyone!
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Malwarebytes Labs. Read the original post at: https://blog.malwarebytes.com/malwarebytes-news/2018/01/a-week-in-security-january-8-january-14/